From fa1f3aec334eb17aa0283e10d2067d8e03063de4 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Thu, 28 Sep 2023 10:33:00 +0200
Subject: [PATCH] bootctl: report if have been booted with a measured UKI

Just expose the result of efi_measured_uki() to the user.
---
 src/boot/bootctl-status.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/boot/bootctl-status.c b/src/boot/bootctl-status.c
index a6520e07197..73893dee69e 100644
--- a/src/boot/bootctl-status.c
+++ b/src/boot/bootctl-status.c
@@ -420,6 +420,16 @@ int verb_status(int argc, char *argv[], void *userdata) {
 (s & TPM2_SUPPORT_DRIVER) ? "driver only, firmware unavailable" : "no",
 ansi_normal());
 
+ k = efi_measured_uki(LOG_DEBUG);
+ if (k > 0)
+ printf(" Measured UKI: %syes%s\n", ansi_highlight_green(), ansi_normal());
+ else if (k == 0)
+ printf(" Measured UKI: no\n");
+ else {
+ errno = -k;
+ printf(" Measured UKI: %sfailed%s (%m)\n", ansi_highlight_red(), ansi_normal());
+ }
+
 k = efi_get_reboot_to_firmware();
 if (k > 0)
 printf(" Boot into FW: %sactive%s\n", ansi_highlight_yellow(), ansi_normal());
-- 
2.47.3
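Review bot: The added `Measured UKI: yes` line is printed in green directly from the return value of `efi_measured_uki(LOG_DEBUG)`, with no comment saying what that answer is based on, so a reader can take it as proof that the running image was verified. `efi_measured_uki()` is defined outside this hunk; if it relies on state recorded at boot rather than on a TPM quote checked by a verifier, the call site should say so, e.g. `/* Informational: reports whether a boot-time measurement of the UKI was recorded; not a substitute for attestation of the PCR values */`. The same comment can note that the `k < 0` branch is display-only (`failed` plus `%m`), so the output is not meant as an input to policy decisions. verb_status() begins and ends outside the hunk.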